Virtual attendance at Annual General Meetings (AGM) has soared in recent years, providing unheralded levels of engagement, access and accountability. Traditionally, AGMs have been essentially a closed club, limited to only those with the time to visit in person. Today, though, through technology and amendments to the Corporations Act, shareholders and investors of any age, gender and location are attending virtually. More voices are being heard, and companies can tap broader and more engaged perspectives. The benefits are vast, but to truly feel them, we must guard against the Achilles Heel of today’s digital world: cyber security attacks.
Australian consumers and businesses have been rocked by the news of one cyber breach after another in recent months. One of the latest – and potentially biggest in Australian history – was Medibank. Hackers exposed the personal data of almost 10 million current and former customers. The breach came just weeks before its AGM, a meeting which hackers then threatened to target. For the beleaguered company, the AGM passed without incident.
However, as more people join AGM’s online across Australia (and, indeed, the world) the potential for human error – a leading cause of cyber breaches – increases. So how are we keeping shareholders safe and companies secure during today’s era of hybrid and virtual AGMs?
Protecting shareholder and investor data must be of paramount importance to any organisation, and the technology they entrust to facilitate their AGM – or any investor relations meeting, for that matter. To do so, organisations must use technology that has a comprehensive security framework to protect
data confidentiality and integrity.
Whether aligning to Commonwealth Privacy Act 1988 in Australia or GDPR in Europe obligations and data sovereignty requirements, organisations are required to securely transmit data and create a dedicated and segregated database for each meeting. Then, through the implementation of best-practice encryption, this data can be safeguarded even further.
At Lumi, for example, we enforce the highest standards of access management and data control so companies can trust that their data – and that of their shareholders – is processed in accordance with the strictest global legislative requirements and be confident of its security. As more Australians, with varying degrees of cyber competence and education, join AGMs virtually, the peace of mind that data is protected is worth its weight in gold.
Availability and Distributed Denial-of-Service (DDOS)
To ensure meetings aren’t vulnerable to targeted denial-of-service attacks – a malicious attempt to disrupt the normal traffic of a targeted server, service or network – technology safeguards meetings and blocks any unusual network traffic, ensuring a company’s shareholders can continue to participate and place those critical votes with no disruption.
Casting votes on crucial resolutions is the democracy AGMs are intended to promote, but it must be safe. Companies must host AGM voting through secure and resilient data centres in multiple global locations, with each jurisdiction selected to meet regional data privacy requirements – whether its Medibank’s AGM or one of the many thousands of others globally.
Third-party Security Assessments, Comprehensive Audits
In 2021 – at the height of the switch to hybrid AGMs in the wake of the pandemic – nine comprehensive security penetration tests were conducted by six different independent security third parties against our highly secure global voting platform. What’s more, through Qualys – an industry-leading automated vulnerability platform – we can conduct periodic and on-demand security assessments and code reviews against the Open Web Application Security Project (OWASP) standards. The purpose of this is to ensure the security posture of coding is maintained to the highest level.
Crucially, assessments should – and must – be regular. Hackers evolve and become more sophisticated every year, therefore so too must the defences that guard against them. And by developing a comprehensive audit and reporting suite that allows for voting activity to be validated and verified, companies can operate with full confidence that the results are complete and accurate.
Cyber security has become a defining issue in today’s digital world. That’s increasingly the case at AGMs; whether as a topic of discussion or to secure the meeting itself for the thousands of Aussie shareholders who join AGMs online every year. Companies today are endeavouring to build relationships with more engaged and diverse shareholders, and hybrid AGMs provide that in abundance. First, though, companies must ensure they – and the technology they use – is providing the safeguards they need to protect and engage with their shareholders online.